Best practices for managing a IAM account that Terraform will use (AWS)

I am creating many resources in AWS with terraform and would like to know the best practice for managing resources and how to restrict access as much as possible.

For example.
I have a script to create an S3 bucket, so I would need to create an IAM user and policy to allow access for Terraform to create this.
What I would also like to do is limit the scope of this access so Terraform can Only affect the resources that are being created. Is this possible , as the resource would not have been created before the script runs, therefore AWS would not know about the existing resource.

If not, is there a recommended way of dealing with this? I would rather not give terraform full access to all resources if possible.